
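Content provided by Cybersecurity Growth. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Cybersecurity Growth or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ko.player.fm/legal.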

#2 - Practical uses of the Secure Controls Framework

1:23:08
 

Cybersecurity Growth

- livestream and podcast

Duration: Weekly, 90 minutes

Title: Cybersecurity Growth #2 - Practical uses of the Secure Controls Framework

Opening

  • When You Arrived instrumental as theme song

Welcome to Cybersecurity Growth. A show for aspiring and existing cybersecurity leaders. I’m your host Shawn Valle, Exec Director and CISO of Cybersecurity Growth

Former Chief Security Officer of Rapid7 and former CISO of Tricentis

Musician here on Twitch and elsewhere, MusicBySV (more on that later)

Top News Stories

https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_campaign=sm-blog&utm_source=linkedin&utm_medium=organic-social

New emergent threat response: "CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability."

Glenn Thorpe of Rapid7 “This has kept us busy over the past 24+ hours. If you’re running ManageEngine software you should:

1. Patch it always no questions asked just do it.

2a. Keep it as segmented as possible from the public internet regardless of its function.

2b. Migrate away from it.”

Dozens of products impacted.

Access Manager Plus*

Active Directory 360**

ADAudit Plus**

ADManager Plus**

ADSelfService Plus**

Analytics Plus*

Application Control Plus*

Asset Explorer**

Browser Security Plus*

Device Control Plus*

Endpoint Central*

Endpoint Central MSP*

Endpoint DLP*

Key Manager Plus*

OS Deployer*

PAM 360*

Password Manager Pro*

Patch Manager Plus*

Remote Access Plus*

Remote Monitoring and Management (RMM)*

ServiceDesk Plus**

ServiceDesk Plus MSP**

SupportCenter Plus**

Vulnerability Manager Plus*

https://www.csoonline.com/article/3684850/11-top-xdr-tools-and-how-to-evaluate-them.html

By Tim Ferrill CSO Online

11 top XDR tools and how to evaluate them

Extended detection and response tools provide a deeper and more automated means to identify and respond to threats. These are some of the most popular options.

XDR is a relatively new class of security tool that combines and builds on the strongest elements of security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR).

Trend Micro,

Microsoft XDR,

Palo Alto Networks Cortex XDR,

Crowdstrike Falcon Insight XDR,

Bitdefender GravityZone Business Security Enterprise,

SentinelOne Singularity XDR,

Cybereason XDR,

VMware Carbon Black XDR,

Elastic Security for XDR,

Trellix XDR Platform,

Cynet 360 AutoXDR

https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html

By Lucian Constantin

Attackers deploy sophisticated Linux implant on Fortinet network security devices

The exploit allows attackers to remotely execute arbitrary code and commands without authentication.

Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details…

…the original zero-day attack was highly targeted to government-related entities…

The vulnerability, CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.

Patch your Fortinet gear.

Death By Slides

- Practical uses of the Secure Controls Framework

What’chu Listening To or Creating

- Talk about music

That’s a Wrap

  • Concluding topics
  • Thank you for listening
  • Web address, socials
  • I’m Shawn Valle, creator of this show and the music here on Cybersecurity Growth
  • Cybersecuritygrowth.com and cybersecuritygrowth.com/blog
  • @shawnvalle or @cybersecuritygrowth
  • If you like the show, please tell your friends. If you hate it, tell your adversaries. Like/subscribe and leave 5-stars and a review like “great show, I learned something new to help me in my cybersecurity career.”
  • This week we covered
  • Practical application of the Secure Controls Framework. Picking up from where we left off last week. My takeaway is, if you are dealing with 3 or more security/privacy frameworks, it’s worth investing time into SCF and possibly a tool that uses SCF as an overarching security framework for all your compliance/security/privacy frameworks. It may save you time, and it provides a holistic framework for just about any control you could imagine. But it could be overwhelming if you are just getting started, so if you are just getting started on your compliance/security/privacy journey, you may want to wait a year or two before you jump into SCF.
  • Plans for next week
  • [My approach for the first 100 days as a security leader (this could be as a CISO, but also as a Director of team reporting to the CISO – like GRC Dir, SecOps Dir, ProdSec Dir, etc.)]
  • Live on Twitch weekly, Fridays at 10:30 AM EST, 7:30 AM PST, 3:30 PM GMT, and in your pod feeds a few days later.
